Encrypted Traffic Visibility
Providing Visibility of Threats at Scale Whilst Maintaining Security and Privacy
SSL/TLS: Safe Traffic or Just Invisible Traffic?
Encryption technology has enabled much greater privacy and security for enterprises that use the Internet to communicate and carry out business online.
However, businesses are not the only ones to benefit from encryption. Threat actors have leveraged these same benefits to evade detection and to secure their malicious activities, launching 2.8 million encrypted attacks in 2019 so far.
70% of Malware Campaigns Using Encryption by 2020
Traditional threat inspection with bulk decryption, analysis, and re-encryption is not always practical or feasible, for performance and resource reasons. Also, it compromises privacy and data integrity.
More than 70% of malware campaigns in 2020 will use some type of encryption to conceal malware delivery, command-and-control activity, or data exfiltration, and 60% of organisations will fail to decrypt HTTPS efficiently, missing critical encrypted threats.
Gain Visibility of Encrypted Traffic Without Decryption
Our Encrypted Traffic Visibility (ETV) exposes threats and stops attacks hidden in encrypted traffic in milliseconds without decryption.
ETV detects known attack signatures and anomalous behaviour without decrypting source data by combining network TCP/IP and SSL metadata with AI, machine learning and behavioural analytics.
ETV ultimately delivers a lightweight, accurate solution that increases an organisation's visibility while maintaining security and privacy.
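As an added illustration of handshake metadata that is readable without decryption (this is not ETV's code, and the page does not say which fields ETV uses), the following parses a constructed TLS ClientHello record and extracts the offered cipher suites, the server name (SNI) and whether TLS 1.3 is offered. The function names and the sample host `example.test` are assumptions made for the example.

```python
import struct

def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body

def build_sample_client_hello(host=b"example.test"):
    """Constructed sample record (not captured traffic)."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    exts = _ext(0, sni) + _ext(43, b"\x04\x03\x04\x03\x03")  # offers TLS 1.3, 1.2
    suites = b"\x13\x01\x13\x02\xc0\x2f"
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(record):
    """Extract cleartext handshake metadata; None if not a ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]
    def vec(len_bytes):  # length-prefixed vector
        return take(int.from_bytes(take(len_bytes), "big"))
    take(2 + 32)   # legacy_version, random
    vec(1)         # legacy_session_id
    suites = vec(2)
    vec(1)         # legacy_compression_methods
    meta = {"sni": None, "offers_tls13": False,
            "cipher_suites": [suites[i:i + 2].hex() for i in range(0, len(suites), 2)]}
    exts = vec(2) if pos < len(body) else b""
    i = 0
    while i + 4 <= len(exts):
        etype, elen = struct.unpack("!HH", exts[i:i + 4])
        edata = exts[i + 4:i + 4 + elen]
        i += 4 + elen
        if etype == 0 and len(edata) >= 5:      # server_name
            nlen = int.from_bytes(edata[3:5], "big")
            meta["sni"] = edata[5:5 + nlen].decode("ascii", "replace")
        elif etype == 43 and edata:             # supported_versions
            vers = edata[1:1 + edata[0]]
            meta["offers_tls13"] = b"\x03\x04" in [vers[j:j + 2] for j in range(0, len(vers), 2)]
    return meta

if __name__ == "__main__":
    print(parse_client_hello(build_sample_client_hello()))
```

A record cut off mid-handshake raises `ValueError` rather than returning partial fields, so a caller can tell a fragmented ClientHello from one that simply carries no SNI.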
Benefits and Features
Business benefits are abundant when it comes to our Encrypted Traffic Visibility solution.
Gain Visibility into Encrypted Traffic
Expose hidden threats and abnormal traffic without decryption.
Real-Time Threat Detection
Detect attacks and abnormal behaviour in milliseconds using a combination of machine learning and behavioural analytics.
Achieve 99.997% accuracy in attack detection and reduce false positives to 0.0006% of total traffic.
By analysing traffic flow, initial TCP packets and SSL metadata, we only collect 1% to 3% of the traffic to protect your bandwidth.
The Rise of Encrypted Malware
The question we all need to be asking ourselves is ‘Are malicious actors hiding in our encrypted traffic?’ In our latest blog post we take a look at why it’s more vital than ever that organisations prevent encryption from becoming a security risk, and how you can uncover hidden threats in encrypted traffic.
Resolving the TLS 1.3 Challenge
Better for Individuals - Harder for Enterprises
TLS version 1.3 addresses a number of things to make the protocol fit for the future:
- It removes some old and creaky cryptography which we really shouldn’t be using anymore.
- It makes a bunch of attacks less likely.
- It adds some more robust connection privacy protection, intended to protect individuals from ‘pervasive monitoring’.
The challenge is that these changes will make the enterprise security model much, much harder!
TLS 1.3 Makes Decryption Almost Impossible
Another new security feature in TLS 1.3 means that decryption is no longer allowed. It will see any decryption attempt as a “Man in the Middle” attack and terminate the session. This means that any security products that need to decrypt will no longer work.
It’s also impossible to whitelist sites anymore because server certificates are encrypted and cannot be verified. So, current solutions will be unable to work out whether you’re communicating with your bank, or if malware on your machine is talking to its criminal masters, without breaking the connection.
Traditional Methods Are Failing
With TLS 1.3, organisations need to proxy for the entire duration of the connection. This reduces the privacy of your employees, massively increases equipment and power costs, and probably increases overall technical risk for the enterprise and its employees.
By looking at metadata, ours really is the only solution that provides visibility of threats at scale whilst maintaining privacy.
ETV provides high-performance visibility of inbound and outbound SSL/TLS traffic without the need for decryption, using TLS/SSL metadata combined with machine learning and behavioural analytics to expose threats and stop attacks.